GDPR Privacy Policy

Updated on 25.05.2018.

GDPR has been introduced to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international businesses.

Order Acceptance and terms:

Please note that it is now a mandatory  requirement for all future orders to be created, only on acceptance of our full terms and conditions and privacy policy. You will be prompted to both read, and accept our terms and conditions prior to any orders being accepted, or new accounts being created.

Please ensure you have fully read and accept our terms and conditions in full prior to using any of our services

Viewing and Updating Profile Information:

Our client area provides a self-service portal for you to update / modify and view your Profile / account data. This same client portal also provides your customers with access to update their personal information including name, email address, postal address and phone number as well as any other profile related information.

Your rights to erasure (also known as the ‘right to be forgotton’):

Please see the ‘Formal Data Removal’ option to the left hand side of this menu for more information, or to process a ‘Data Removal Request’. Please note that we retain the right to store personal information for all clients who have paid an invoice within the past 7 years which is mandatory for distribution to the HMRC.

Email Marketing, Status Updates and General Email Communications:

Please note that you will ONLY be contacted by us either for marketing, product or status updates etc on the basis that you have signed up via https://mybb-themes.club – upon doing so, you accepted our terms and conditions which state communication will be made via email, using the data stored within your customer profile.

We use two methods for sending marketing, newsletters and status / product updates…

MailChimp – We use MailChimp to contact customers regarding status updates, product announcements or general marketing. Our mailing list is generated on the basis that you have registered to our site, via https://mybb-themes.club. Upon registering, you automatically become enrolled in our Marketing List via MailChimp. Of course, you can choose to remove yourself from our listing by clicking ‘unsubscribe’ within the email received. Once unsubscribed, we will no longer contact you via our MailChimp marketing.

WHMCS / Client Portal – We may from time to time contact you via our client area – by using our service, you agree to be contacted via this method however you will not be sent anything for ‘general marketing’ – as such, we retain the right to contact you for the purposes of status updates etc.

Formal Data Removal Request:

The introduction of the new GDPR legislation gives clients more control over what data is collected about them and how long that data is stored. With this legislation comes the ability for a customer/client to request the removal of their data. Although the legislation applies only to European nationals, we have opened up this system to all users as we feel that your privacy and trust in us is paramount.

If you wish to have your data removed as part of the GDPR “right to be forgotten” you are able to request this, if the following criteria apply to you;

  • You have no currently active services with us
  • You must not have made any payments to us within the last 7 years
  • You are the original account owner

If you meet all of these criteria, then simply click the below button to request your data to be removed;

We will provide an answer to this request within 2 weeks, from here we may ask you for proof of identity as well as a few security questions. After this you will be provided with a final confirmation page, that you must agree to before the data can be deleted.

If your request is successful you will not receive a response to your original request, but a final automated email confirming that your personal information was been purged from our databases.

You may also request the data removal request directly by raising a ticket to our Support System, with the following format.

Example Request Format

Dear MyBB Themes Club,

I hereby formally request that all physical or digital personal data is either destroyed and purged from your databases.

I acknowledge this request may take up to 4 weeks to process.

I also confirm I am an EU citizen, the original account owner and I have not used your services in the last 7 years.

Best Regards,
INSERT NAME HERE

Formal Data Request:

The introduction of the new GDPR legislation gives clients more control over what data is collected about them and how long that data is stored. With this legislation comes the ability for a customer/client to request this data. Requesting your data is a very simple process that only takes a few seconds, just click the button below;

Please be aware that we may ask for additional proof of identity before we can hand over the requested data, this is a standard security procedure that we carry out from time to time.

We will reply to your request within 4 weeks, from here we may ask for further proof of identity as well as a few security questions. Once complete we will hand over the data in standard format (.txt or .PDF), whereby you can review the collected information.

You may also request the data removal request directly by raising a ticket to our Support System, with the following format.

Example Request Format

Dear MyBB Themes Club,

I hereby formally request that a copy of all physical or digital personal data is provided to myself in a readable format.

I acknowledge this request may take up to 4 weeks to process.

I also confirm I am an EU citizen, the original account owner and I will be subject to additional identity checks.

Best Regards,
INSERT NAME HERE

Storage of Personal Data & Account / Profile Information:

The below data is stored for the mandatory 7 years required by HMRC in the event of an account audit: (7 year countdown timer starts from when you no longer have any active services and have opted to close your account)

  • Full Name
  • Full Address
  • Email Address
  • Phone Number
  • Country
  • Company Name
  • VAT Number
  • Order Records
  • Invoices
  • Transactions (ID’s, amounts, timestamps)

All other data is stored for 6 months before being purged from our databases, this includes, but is not limited to:

  • General logging (actions carried out on the control panel)
  • Email logs
  • Ticket attachments
  • Tickets and replies
  • API logs
  • Abuse reports
  • Live chat conversations etc

All of our client information / profile data is stored / replicated in multiple locations for redundancy. These locations are based in both the European Union and the United States. These are as follows…

  • London, United Kindom
  • Coventry, United Kingdom
  • Reading, United Kingdom
  • Munich, Germany
  • New York, United States

We employ the highest level of encryption for stored passwords, this includes the following:

  • CRYPT_BLOWFISH two-way encryption
  • Unique SALTS on a per user basis resulting in zero password hash clashing
  • High compute time for PASSWORD_BCRYPT/CRYPT_BLOWFISH algorithm
Updated on 25.05.2018.